Add guard it the callback-env var is set over env, that there is no modifications because of the port variable

2026-04-11 13:47:05 +02:00 · 2026-02-10 18:32:01 +01:00
parent a65bbe985e
commit ad44e2732f
4 changed files with 49 additions and 1 deletions
--- a/internal/config/settings.go
+++ b/internal/config/settings.go
@@ -1321,6 +1321,15 @@ func GetPortFromEnv() (int, bool) {
 	return 0, false
 }

+// GetCallbackURLFromEnv returns the CALLBACK_URL environment variable value and whether it's set.
+func GetCallbackURLFromEnv() (string, bool) {
+	v := strings.TrimSpace(os.Getenv("CALLBACK_URL"))
+	if v == "" {
+		return "", false
+	}
+	return strings.TrimRight(v, "/"), true
+}
+
 // GetBindAddressFromEnv returns the BIND_ADDRESS environment variable value if set, and whether it's set
 // If not set, returns "0.0.0.0" as the default bind address
 // Validates that the address is a valid IP address format
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -2078,6 +2078,14 @@ func GetSettingsHandler(c *gin.Context) {
 		response["port"] = envPort
 	}

+	// Check if CALLBACK_URL environment variable is set
+	envCallbackURL, envCallbackURLSet := config.GetCallbackURLFromEnv()
+	response["callbackUrlEnvSet"] = envCallbackURLSet
+	response["callbackUrlFromEnv"] = envCallbackURL
+	if envCallbackURLSet {
+		response["callbackUrl"] = envCallbackURL
+	}
+
 	c.JSON(http.StatusOK, response)
 }

@@ -2103,6 +2111,12 @@ func UpdateSettingsHandler(c *gin.Context) {
 		req.Port = envPort
 	}

+	// Check if CALLBACK_URL environment variable is set - if so, ignore changes from request
+	envCallbackURL, envCallbackURLSet := config.GetCallbackURLFromEnv()
+	if envCallbackURLSet {
+		req.CallbackURL = envCallbackURL
+	}
+
 	oldSettings := config.GetSettings()
 	newSettings, err := config.UpdateSettings(req)
 	if err != nil {
--- a/pkg/web/static/js/settings.js
+++ b/pkg/web/static/js/settings.js
@@ -85,6 +85,26 @@ function loadSettings() {
      // Set callback URL and add auto-update listener for port changes
      const callbackURLInput = document.getElementById('callbackURL');
      callbackURLInput.value = data.callbackUrl || '';
+      const callbackUrlEnvHint = document.getElementById('callbackUrlEnvHint');
+      const callbackUrlEnvValue = document.getElementById('callbackUrlEnvValue');
+      const callbackUrlDefaultHint = document.getElementById('callbackUrlDefaultHint');
+
+      if (data.callbackUrlEnvSet) {
+        // CALLBACK_URL env is set - make field readonly and show hint
+        callbackURLInput.value = data.callbackUrlFromEnv || data.callbackUrl || '';
+        callbackURLInput.readOnly = true;
+        callbackURLInput.classList.add('bg-gray-100', 'cursor-not-allowed');
+        callbackUrlEnvValue.textContent = data.callbackUrlFromEnv || data.callbackUrl || '';
+        callbackUrlEnvHint.style.display = 'block';
+        callbackUrlDefaultHint.style.display = 'none';
+      } else {
+        // CALLBACK_URL env not set - allow editing
+        callbackURLInput.readOnly = false;
+        callbackURLInput.classList.remove('bg-gray-100', 'cursor-not-allowed');
+        callbackUrlEnvHint.style.display = 'none';
+        callbackUrlDefaultHint.style.display = 'block';
+      }
+
      const callbackSecretInput = document.getElementById('callbackSecret');
      const toggleLink = document.getElementById('toggleCallbackSecretLink');
      if (callbackSecretInput) {
@@ -101,6 +121,7 @@ function loadSettings() {
      
      // Auto-update callback URL when port changes (if using default localhost pattern)
      function updateCallbackURLIfDefault() {
+        if (data.callbackUrlEnvSet) return; // Skip auto-update when env is set
        const currentPort = parseInt(uiPortInput.value, 10) || 8080;
        const currentCallbackURL = callbackURLInput.value.trim();
        // Check if callback URL matches default localhost pattern
--- a/pkg/web/templates/index.html
+++ b/pkg/web/templates/index.html
@@ -313,7 +313,11 @@
            <label for="callbackURL" class="block text-sm font-medium text-gray-700 mb-2" data-i18n="settings.callback_url">Fail2ban Callback URL</label>
            <input type="text" class="w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" id="callbackURL"
                   data-i18n-placeholder="settings.callback_url_placeholder" placeholder="http://127.0.0.1:8080" />
-            <p class="text-xs text-gray-500 mt-1" data-i18n="settings.callback_url_hint">This URL is used by all Fail2Ban instances to send ban alerts back to Fail2Ban UI. For local deployments, use the same port as Fail2Ban UI (e.g., http://127.0.0.1:8080). For reverse proxy setups, use your TLS-encrypted endpoint (e.g., https://fail2ban.example.com).</p>
+            <p class="mt-1 text-sm text-gray-500" id="callbackUrlEnvHint" style="display: none;">
+              <span data-i18n="settings.callback_url_env_set">Callback URL is set via CALLBACK_URL environment variable:</span>
+              <span id="callbackUrlEnvValue"></span>. <span data-i18n="settings.callback_url_env_hint">To change the callback URL via Web UI, remove the CALLBACK_URL environment variable and restart the container.</span>
+            </p>
+            <p class="text-xs text-gray-500 mt-1" id="callbackUrlDefaultHint" data-i18n="settings.callback_url_hint">This URL is used by all Fail2Ban instances to send ban alerts back to Fail2Ban UI. For local deployments, use the same port as Fail2Ban UI (e.g., http://127.0.0.1:8080). For reverse proxy setups, use your TLS-encrypted endpoint (e.g., https://fail2ban.example.com).</p>
          </div>

          <div class="mb-4">